Free Splunk SPLK-1002 Exam Dumps and SPLK-1002 Exam Questions

Question No: 11

MultipleChoice

Which search would limit an 'alert' tag to the 'host' field?

Options

Atag=alert

Bhost::tag::alert

Ctag==alert

Dtag::host=alert

Question No: 12

MultipleChoice

Based on the macro definition shown below, what is the correct way to execute the macro in search string?

Options

AConvert_sales (euro, , 79)''

BConvert_sales (euro, , .79)

CConvert_sales ($euro,$$,s79$

DConvert_sales ($euro, $$,S,79$)

Question No: 13

MultipleChoice

What is the correct syntax to search for a tag associated with a value on a specific fiedsd?

Options

ATag-<field?

BTag<filed(tagname.)

CTag=<filed>::<tagname>

DTag::<filed>=<tagname>

Question No: 14

MultipleChoice

What does the following search do?

index=condlog type=mysterymeat action=eaten I scats count as cornlog_count by us:

Options

ACreates a table of the total count of users and split by corndogs.

BCreates a table of the total count of mysterymeat corndogs split by user.

CCreates a table with the count of all types of corndogs eaten split by user.

DCreates a table that groups the total number of users by vegetarian corndogs.

Question No: 15

MultipleChoice

Which of the following statements is true, especially in largo environments?

Options

AUse the scats command when you next to group events by two or more fields.

BThe scats command is faster and more efficient than the transaction command

CThe transaction command is faster and more efficient than the stats command.

DUse the transaction command when you want to see the results of a calculation.

Question No: 16

MultipleChoice

Which of the following actions can the aval command perform?

Options

ARemove fields from results.

BCreate or replace an existing field.

CGroup transactions by one or more fields.

DSave SPL commands to be reused in other searches.

Question No: 17

MultipleChoice

A user wants to convert field values to string and also to sort on those value. Which command should be used first, the eval or the sort?

Options

AIt doesn't matter whether eval or sort is used first.

BConvert the numeric to a string with eval first, then sort.

CUse sort first, then convert the numeric to a string with eval.

DYou cannot use the sort command and the eval command on the same field.

Question No: 18

MultipleChoice

When using timechart, how many fields can be listed after a by clause? ( Choose Two )

Options

Abecause timechart doesn't support using a by clause.

Bbecause _time is already implied as the x-axis.

Cbecause one field would represent the x-axis and the other would represent the y-axis.

DThere is no limit specific to timechart.

Question No: 19

MultipleChoice

Which of the following statements describe the search string below?

dacamodel Application_State All_Application_State search

Options

AEvents will be returned from dataset named Application_state.

BEvents will be returned from the data model named Application_State.

CEvents will be returned from the data model named All_Application_state.

DNo events will be returned because the pipe should occur after the datamodel command

Question No: 20

MultipleChoice

Data model are composed of one or more of which of the fo-owing datasets? (select all that apply.)

Options

AEvents datasets

BSearch datasets

CTransaction datasets

DAny child of event, transaction, and search datasets

Free Splunk SPLK-1002 Exam Dumps - Page 2